memory leak in ReadMPCImage coders/mpc.c:228 #739

Closed
jerryl3e opened this issue Sep 8, 2017 · 2 comments

@jerryl3e

commented Sep 8, 2017

version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1

crash link:
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1504839414

trigger command:
./magick convert im_poc_1504839414 /dev/null

detail:


root@work:/home/work/fuzzing/ImageMagick-7.0.7-1/utilities# ./magick convert im_poc_1504839414 /dev/null
convert: improper image header `im_poc_1504839414' @ error/mpc.c/ReadMPCImage/573.
convert: no images defined `/dev/null' @ error/convert.c/ConvertImageCommand/3275.

=================================================================
==128575==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x7effb74b9920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7effb6b3b336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7effb6b3b38a in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7effb6c6d0ce in AcquireString MagickCore/string.c:136
    #4 0x7effb6d97218 in ReadMPCImage coders/mpc.c:228
    #5 0x7effb69ce6b0 in ReadImage MagickCore/constitute.c:497
    #6 0x7effb69d1597 in ReadImages MagickCore/constitute.c:866
    #7 0x7effb62a4242 in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7effb639dacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x401a25 in MagickMain utilities/magick.c:149
    #10 0x401c9e in main utilities/magick.c:180
    #11 0x7effb59c982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).

Credit: Baidu Security Lab
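
A triage sketch added here (not part of the issue and not ImageMagick code): it parses the LeakSanitizer report above and skips the allocator wrapper frames to find the owning call site, which matches the frame named in the issue title. The wrapper list and the bucket key format are assumptions made for the example.

```python
import re

# Abridged copy of the LeakSanitizer report in this issue (frames #5-#11 omitted).
REPORT = """\
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x7effb74b9920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7effb6b3b336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7effb6b3b38a in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7effb6c6d0ce in AcquireString MagickCore/string.c:136
    #4 0x7effb6d97218 in ReadMPCImage coders/mpc.c:228

SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).
"""

# Assumption: these functions only forward the allocation, so the frame that
# owns the leaked buffer is the first one above them in the stack.
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "AcquireMagickMemory",
                  "AcquireQuantumMemory", "AcquireString"}

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s+#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")


def parse_leaks(report):
    """Return one dict per leak record: kind, bytes, objects, frames, owner."""
    leaks = []
    for line in report.splitlines():
        m = LEAK_RE.match(line)
        f = FRAME_RE.match(line)
        if m:
            leaks.append({"kind": m.group(1), "bytes": int(m.group(2)),
                          "objects": int(m.group(3)), "frames": [], "owner": None})
        elif f and leaks:
            func, loc = f.group(2), f.group(3)
            leaks[-1]["frames"].append((func, loc))
            if leaks[-1]["owner"] is None and func not in ALLOC_WRAPPERS:
                leaks[-1]["owner"] = (func, loc)
    return leaks


def bucket_key(leak):
    """Stable key for de-duplicating fuzzer findings by owning call site."""
    func, loc = leak["owner"]
    return f"{leak['kind'].lower()}-leak:{func}@{loc}"


if __name__ == "__main__":
    for leak in parse_leaks(REPORT):
        print(bucket_key(leak), leak["bytes"], "bytes")
```

Keying on the owning frame rather than the full stack keeps repeated fuzzer hits on the same unreleased allocation in one bucket even when the outer call chain differs.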

urban-warrior pushed a commit that referenced this issue Sep 8, 2017

Cristy
@mikayla-grace


commented Sep 8, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@fgeek


commented Sep 12, 2017

Please use CVE-2017-14324 for this issue.

@dlemstra dlemstra added the bug label Sep 12, 2017

@dlemstra dlemstra closed this Sep 12, 2017
